HSM firmware version 6.24.0 introduced a change in how ongoing PED operations interact with cryptographic operations requested simultaneously.
In HSM firmware versions earlier than 6.24.0, PED operations interrupt other operations occurring at the same time on the HSM. The HSM waits for a PED operation to complete before processing requests for other operations. This can cause delays in production.
With HSM firmware 6.24.0 and newer, PED operations no longer interrupt other operations occurring at the same time on the HSM in most cases. The most beneficial effect is that PED operations acting on a partition no longer block operations occurring on other partitions on the same HSM. In this way, you can perform maintenance and configuration on your HSM without interrupting important client applications. PED operations might still block cryptographic operations occurring on the same partition, especially high volumes of write object requests.
PEDs are generally unit-interchangeable (with limitations within the PED 2.x version range; see the table), and more specifically interchangeable within the same PED firmware version. That is, if a Luna PED with a given firmware supports your current operation with your current HSM version, then any Luna PED with the same, or newer, firmware can replace it.
Note: Exception - If you are using the Remote PED feature, only another PED with Remote capability can support that operation, regardless of firmware version.
PED 2.x is the current generation. A migration path is available if you have the legacy Luna PED 1.x - contact Gemalto Technical Support.
Newer PED firmware versions are compatible with HSM versions shown in their row in the table, and backward compatible with any earlier HSM that requires a version 2.x PED.
PED firmware version | Local PED operation and Remote PED capable | PED-mediated MofN per secret (with HSM f/w 6.x/7.x) | Field updates | Audit User (white PED key) | Small Form-factor Backup | PED version is feature-compatible with SafeNet Luna HSM firmware version(s) |
---|---|---|---|---|---|---|
2.2.0 | Yes | No | No | No | No | SafeNet Luna HSM 4, f/w 4.x |
2.4.0-3 | Yes | Yes | To 2.5.0 | No | No | SafeNet Luna 5.0, f/w 6.0.8; SafeNet Luna 5.1.x, f/w 6.2.1 |
2.5.0-3 | Yes | Yes | To 2.6.0 | Yes | No | SafeNet Luna 5.2, f/w 6.10.2; SafeNet Luna 5.3.1 f/w 6.20.0 |
2.6.0-6 | Yes | Yes | Yes | Yes | Yes | SafeNet Luna 5.4, f/w 6.21.0; SafeNet Luna 6.0, f/w 6.22.0 |
2.7.1-5 | Yes | Yes | Yes | Yes | No | SafeNet Luna 6.x, f/w 6.22.0; SafeNet Luna 7.x, f/w 7.x |
HSMs before the K6 (the HSM inside SafeNet Luna Network HSM 6.x) and G5 (the HSM for PKI with SafeNet Luna Network HSM, the core of the SafeNet Luna Backup HSM) used an older, smaller domain secret, incompatible with current HSMs.
To provide a one-way migration path to move HSM objects from legacy HSMs to modern HSMs, the partition setlegacydomain command allows an old-style domain to be linked to a new-style domain on a K7, K6 or G5.